“Despite the best of intentions, some efforts to protect student privacy hamstring students, teachers, and schools with unintended consequences,” said Amelia Vance, Director of Education Privacy at FPF. “Having people on the ground—students, parents, teachers, administrators, and edtech companies—involved in the policymaking process can keep well-intentioned laws from limiting important uses of data and technology in the classroom.”

FPF wrote the guide with an expert advisory council from the following organizations: AASA: The School Superintendents Association; the Alliance for Excellent Education; the Council of Chief State School Officers; Data Quality Campaign; the National Association of State Boards of Education; the National Conference of State Legislatures; and the National School Boards Association.

Schools have always collected a wide range of data—from enrollment information, to tracking student performance throughout the year, to health and disciplinary records—to allow teachers and school leaders to best serve every student. As all levels of education institutions take advantage of technology, such as vast libraries of resources, learning management systems, and tools that allow students to collaborate with peers around the globe, they are also using personal data associated with these kinds of connected learning. While increased data use has the potential to transform education for the better, empowering students and teachers to enhance learning, it can also put sensitive student information at risk. A loss of autonomy, a stifling of creativity due to feeling surveilled, or even the public revelation of highly sensitive information like financial data or disability status are just some potential consequences of technology misuse, poor data security policies, or insufficient privacy controls.

Effective policies enacted at the local, state, and federal levels can curtail the risks accompanying student data collection and ensure that data is used ethically to support learning. Since 2014, state policymakers have built new legal frameworks, passing almost 120 laws specifically to protect student privacy. As data breaches and privacy issues continue to capture public attention, it’s up to policymakers to develop thoughtful approaches to student data privacy: legislation, rules, policies, and technical safeguards that protect student data and can adapt to a quickly evolving technological environment.

The guide provides short answers to the following questions:

How Is Student Data Used?

Which Federal Laws Already Address Student and Child Privacy?

Do General Privacy Laws Address Student Data?

What Are Common State-Level Approaches to Regulating Student Data?

What Are Potential Issues to Consider When Drafting Student Privacy Legislation?

Which Stakeholders Should Policymakers Consult When Considering Measures to Protect Student Data?

Which Resources Can Policymakers Use to Further Evaluate and Create Student Data Privacy Legislation?

Good policy—including legislation, regulations, policies, enforcement, and other policymaking approaches—is key to protecting student data. While some state-based approaches have proven to keep student information safe and to promote innovation, laws and regulations sometimes have unintended consequences or are impractical for stakeholders to implement. Policymakers should be aware of their pivotal role in crafting and shaping effective student data privacy legislation because students deserve every opportunity to better themselves and increase their chances of success in a safe and trusted environment.